<!-- Start -->
<h3 style="color:purple" id="info-introspection"><b>Information Disclosure :: GraphQL Introspection</b></h3>
<hr />
<h5>Problem Statement</h5>
<p>GraphQL introspection is a built-in query: asking for the <code>__schema</code> (or <code>__type</code>) meta-field returns the schema itself, including the root query, mutation and subscription types and every type, field and argument they expose.</p>
<p>
  Introspection in itself is a feature, not a weakness. However, if it is exposed to untrusted clients, attackers will use it to map your GraphQL implementation in a single request: which queries, mutations and subscriptions exist, what arguments they accept and what types they return. That map is the reconnaissance step for most other attacks against the API.
</p>
<p>
  It is recommended to disable introspection in production (most server frameworks provide a schema setting or validation rule for this) so that the schema is not disclosed to anyone who can reach the endpoint.
</p>
<p>
  Note: if the introspection query is disabled, attackers may fall back to the <b>Field Suggestion</b> feature to learn which queries and fields your GraphQL supports. Refer to the <a href="#info-suggestions">Information Disclosure :: GraphQL Field Suggestions</a> attack for more information.
</p>
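<p>The following script is an added example (not part of this lab or its solution) of what an attacker does with an exposed introspection endpoint: it sends the standard introspection query, detects whether the server refused it, and flattens the JSON result into a readable list of root operations and fields with their argument and return types. The endpoint URL, the <code>fetch_introspection</code>, <code>blocked_reason</code> and <code>summarize_schema</code> helpers, and the sample responses (<code>SAMPLE_OPEN</code>, <code>SAMPLE_BLOCKED</code>) are all assumptions constructed for this example, not captured from a real server.</p>

```python
"""Introspection recon helper. Added example, not the lab's own code."""
import json
import urllib.request
from typing import Dict, List, Optional

# The introspection query GraphiQL and most tooling send. The fragment walks
# NON_NULL/LIST wrappers three levels deep, enough for types like [String!]!.
INTROSPECTION_QUERY = """
query IntrospectionQuery {
  __schema {
    queryType { name }
    mutationType { name }
    subscriptionType { name }
    types {
      kind
      name
      fields(includeDeprecated: true) {
        name
        args { name type { ...TypeRef } }
        type { ...TypeRef }
      }
    }
  }
}
fragment TypeRef on __Type {
  kind
  name
  ofType { kind name ofType { kind name ofType { kind name } } }
}
"""


def fetch_introspection(url: str) -> dict:
    """POST the introspection query to a GraphQL endpoint and return the JSON body."""
    body = json.dumps({"query": INTROSPECTION_QUERY}).encode()
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def type_to_str(t: Optional[dict]) -> str:
    """Render a __Type reference, unwrapping NON_NULL and LIST, as SDL-style text."""
    if t is None:
        return "?"
    if t.get("kind") == "NON_NULL":
        return type_to_str(t.get("ofType")) + "!"
    if t.get("kind") == "LIST":
        return "[" + type_to_str(t.get("ofType")) + "]"
    return t.get("name") or "?"


def blocked_reason(response: dict) -> Optional[str]:
    """Return the server's error message if it refused introspection, else None."""
    data = response.get("data") or {}
    if data.get("__schema"):
        return None
    errors = response.get("errors") or []
    return errors[0].get("message", "unknown error") if errors else "no __schema in response"


def summarize_schema(response: dict) -> Dict[str, List[str]]:
    """Map each user-defined OBJECT type to fields rendered as 'name(arg: Type): Type'.
    Root operation types (Query/Mutation/Subscription) are listed first, since
    those are the entry points an attacker cares about."""
    schema = response["data"]["__schema"]
    roots = [(schema.get(k) or {}).get("name") for k in ("queryType", "mutationType", "subscriptionType")]
    types = [t for t in schema.get("types", [])
             if t.get("kind") == "OBJECT" and not t["name"].startswith("__")]
    types.sort(key=lambda t: (t["name"] not in roots, t["name"]))
    summary: Dict[str, List[str]] = {}
    for t in types:
        fields = []
        for f in t.get("fields") or []:
            args = ", ".join(f"{a['name']}: {type_to_str(a.get('type'))}" for a in f.get("args") or [])
            sig = f"{f['name']}({args})" if args else f["name"]
            fields.append(f"{sig}: {type_to_str(f.get('type'))}")
        summary[t["name"]] = fields
    return summary


def _ref(kind: str, name: Optional[str] = None, of: Optional[dict] = None) -> dict:
    """Build a __Type reference in the shape introspection returns (for the constructed sample)."""
    return {"kind": kind, "name": name, "ofType": of}


# Constructed sample responses (not captured from any real server).
SAMPLE_OPEN = {"data": {"__schema": {
    "queryType": {"name": "Query"}, "mutationType": {"name": "Mutation"}, "subscriptionType": None,
    "types": [
        {"kind": "SCALAR", "name": "String", "fields": None},
        {"kind": "OBJECT", "name": "User", "fields": [
            {"name": "id", "args": [], "type": _ref("NON_NULL", of=_ref("SCALAR", "ID"))},
            {"name": "email", "args": [], "type": _ref("SCALAR", "String")}]},
        {"kind": "OBJECT", "name": "Query", "fields": [
            {"name": "users", "args": [{"name": "admin", "type": _ref("SCALAR", "Boolean")}],
             "type": _ref("LIST", of=_ref("OBJECT", "User"))},
            {"name": "me", "args": [], "type": _ref("NON_NULL", of=_ref("OBJECT", "User"))}]},
        {"kind": "OBJECT", "name": "Mutation", "fields": [
            {"name": "resetPassword", "args": [{"name": "userId", "type": _ref("NON_NULL", of=_ref("SCALAR", "ID"))}],
             "type": _ref("SCALAR", "Boolean")}]},
        {"kind": "OBJECT", "name": "__Schema", "fields": []},
    ]}}}
SAMPLE_BLOCKED = {"errors": [{"message": "Introspection is disabled"}], "data": None}

if __name__ == "__main__":
    # Against a live target: resp = fetch_introspection("http://host/graphql")
    for resp in (SAMPLE_OPEN, SAMPLE_BLOCKED):
        reason = blocked_reason(resp)
        if reason:
            print(f"introspection blocked: {reason} (fall back to field suggestions)")
            continue
        for name, fields in summarize_schema(resp).items():
            print(f"type {name} {{\n  " + "\n  ".join(fields) + "\n}")
```

<p>Run it against a live target by pointing <code>fetch_introspection</code> at the <code>/graphql</code> endpoint; when <code>blocked_reason</code> returns a message, the server has introspection disabled and you are in the "expert mode" situation covered by the Field Suggestions section.</p>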

<h5>Resources</h5>
<ul>
  <li>
    <a href="https://graphql.org/learn/introspection/" target="_blank">
      <i class="fa fa-newspaper"></i> GraphQL - Introspection
    </a>
  </li>
  <li>
    <a href="https://graphql-ruby.org/schema/introspection" target="_blank">
      <i class="fa fa-newspaper"></i> Ruby GraphQL - Introspection Guide
    </a>
  </li>
  <li>
    <a href="https://github.com/szski/shapeshifter" target="_blank">
      <i class="fa fa-shield-alt"></i> ShapeShifter - GQL Security tool for Schema Extraction
    </a>
  </li>
  <li>
    <a href="https://github.com/nikitastupin/clairvoyance" target="_blank">
      <i class="fa fa-shield-alt"></i> Clairvoyance - GraphQL Schema Enumeration Discovery Tool
    </a>
  </li>
  <li>
    <a href="https://github.com/dolevf/graphw00f" target="_blank">
      <i class="fa fa-shield-alt"></i> graphw00f - GraphQL Fingerprinting Tool
    </a>
  </li>
</ul>
<h5>Exploitation Solution <button class="reveal" onclick="reveal('sol-info-introspection')">Show</button></h5>
<div id="sol-info-introspection" style="display:none">
  <pre class="bash">
# Beginner mode

# Navigate to http://host/graphiql
# Run Introspection query

query {
  __schema {
    queryType { name }
    mutationType { name }
    subscriptionType { name }
  }
}


# Expert mode

# Introspection is disabled, so the schema cannot be dumped directly. Enumerate fields
# (e.g. via the Field Suggestions attack) and test queries dynamically to work out
# the structure of the application.</pre>
</div>
<!-- End -->
